XPRA Fixes

TODO: Matlab not working???
2023-10-27 11:52:31 -04:00 · 2023-10-27 11:52:31 -04:00 · 85e721a9fd
parent 8f5c8a1a2e
commit 85e721a9fd
1 changed files with 49 additions and 3 deletions
--- a/machines/kcnhub/servers/xpra.nix
+++ b/machines/kcnhub/servers/xpra.nix
@ -10,7 +10,54 @@
    ${pkgs.xpra}/bin/xpra $@ --html=${xpra-html5}/html5
  '';
 in {
+  nixpkgs.overlays = [
+    (final: prev: {
+      xpra = prev.xpra.overrideAttrs (old: {
+        postPatch = old.postPatch or "" + ''
+          sed -e 's#"%s/share/xsessions" % sys.prefix#"${config.services.xserver.displayManager.sessionData.desktops}/share/xsessions"#g' -i xpra/platform/xposix/menu_helper.py
+        '';
+      });
+    })
+  ];
+  # To use instead of Plasma
+  services.xserver.windowManager.fluxbox.enable = true;
  environment.systemPackages = [ pkgs.xpra ];
+  security.pam.services = {
+    xpra = {
+      text = ''
+        # Account management.
+        account required pam_unix.so
+
+        # Authentication management.
+        auth sufficient pam_unix.so   likeauth try_first_pass
+        auth required pam_deny.so
+
+        # Password management.
+        password sufficient pam_unix.so nullok yescrypt
+
+        session required pam_unix.so
+
+        #account    required     pam_nologin.so
+        # account    include      system-auth
+        # password   include      system-auth
+
+        # pam_selinux.so close should be the first session rule
+        #session    required     pam_selinux.so close
+        session    required     pam_loginuid.so
+        #to require a local user account, uncomment this line:
+        #session    required     pam_localuser.so
+        # session    sufficient   pam_systemd.so class=background type=x11
+
+        # pam_selinux.so open should only be followed by sessions to be executed in the user context
+        # session    required     pam_selinux.so open
+        # session    required     pam_namespace.so
+        # session    optional     pam_keyinit.so force revoke
+        # session    include      system-auth
+        # session    include      postlogin
+        -session   optional     pam_ck_connector.so
+      '';
+    };
+  };
  systemd.sockets.xpra-web = {
    description = "Xpra Web Socket";
    partOf = [ "xpra-web.service" ];
@ -32,9 +79,8 @@ in {
    serviceConfig = {
      Type = "simple";
      ExecStart = ''${xpra-web} proxy :14500 --daemon=no \
-                       --socket-dirs=/run/xpra --socket-permissions=666 \
-                       --log-dir=/var/log --pidfile=/run/xpra/proxy.pid \
-                       --ws-auth=pam --auth=pam --tcp-auth=pam --bind-tcp=0.0.0.0:10000'';
+                      --tcp-auth=pam --auth=pam --bind=none \
+                      --log-dir=/var/log --pidfile=/run/xpra/proxy.pid --bind-tcp=:10000'';
      Restart = "always";
      # Security
      NoNewPrivileges = true;